Connecting to Kepware OPC-UA

OPC-UA makes connecting to third party OPC servers quick and easy without all the headaches associated with COM. This is a detailed step-by-step guide to connecting to KEPServerEX from Ignition using OPC-UA.

To connect to KEPServerEX from Ignition using OPC-UA

  1. In the Configure section of the Gateway, go to OPC Connections > Servers.
    The OPC Server Connection page is displayed showing the OPC-UA servers you Ignition is connected to.

  2. Find the orange arrow and click on Create new OPC Server Connection….
    The Add OPC Server Connection Step 1: Choose Type page is displayed.

  3. Choose OPC-UA as the connection type and click Next.

The next steps depends on the version of Ignition being used.

Ignition version 7.8 and up

Ignition 7.8 and up

  1. On the Discover OPC-UA Endpoints page, type in the endpoint of the OPC-UA server Ignition should connect to. The format should be as follows:

    opc.tcp://IpAddress:Port
    #Examples
    #If KepServer is installed on the same server as Ignition and uses the default port, the following endpoint could be used:
    opc.tcp://localhost:49320
    #If KepServer is installed on a different server from Ignition, then the IP address would be used:
    opc.tcp://10.1.1.10:49320

    Once an endpoint has been entered, click the Discover button. A list of available Security Policies and Message Security options will appear.

  2. Select a Security Policy and Message Security configuration to use when connecting to the endpoint. Both Basic256 and SignAndEncrypt offer a higher level of security.

    images/download/attachments/6035017/kepware.PNG

    Once an endpoint configuration has been selected, click the Next button.

  3. On the New OPC UA Connection Settings page, give the connection a name and click the Create New OPC Server Connection button. A Username and Password do not need to be given, and should be left blank.

  4. The connection will appear as Faulted. This is expected because KEPServerEX is denying access to the Ignition OPC-UA Client. The next step is to have KEPServerEX trust the Ignition OPC-UA Client.

    Right-click on the KEPServerEX icon on the desktop KEPServerEx is installed on and from the menu select OPC UA Configuration.
    The OPC UA Configuration Manager is will appear.

  5. On the OPC UA Configuration Manager window, go to the Trusted Clients tab, click on Ignition OPC-UA Client, click the Trust button, and click Close.
    Now the OPC Server Connections page shows the Status of Kepware to be Connected.

    Troubleshooting: If Status does not read Connected, click the edit link next to the server connection, scroll down to the bottom of the connection configuration page, and click Save. If Status is still reading something other than Connected, click the OPC Connection Status link at the bottom of the OPC Server Connections page and see if there are any useful messages to help troubleshoot the issue. Also ensure your firewall is not blocking traffic on the port that KEPServerEX is using to communicate.

  6. Go to the OPC Connections > Quick Client in the Configure section of the Gateway, under the Kepware > Channel1 > Device1 folder you will see the Tag folders.

Ignition version 7.7 and prior

Ignition 7.7 and prior

  1. In the Configure section of the Gateway, go to OPC Connections > Servers.
    The OPC Server Connection page is displayed showing the OPC-UA servers you Ignition is connected to.

  2. Find the orange arrow and click on Create new OPC Server Connection….
    The Add OPC Server Connection Step 1: Choose Type page is displayed.

  3. Choose OPC-UA as the connection type and click Next.

  4. On the New OPC Server Connection page, leave all the default values and type in the following fields:
    Name: Kepware, the name you specify here will appear under Devices folder on the Quick Client page in the Gateway.
    Host: localhost, if the Kepware server is hosted on your own machine otherwise use the actual IP address of the machine
    Port: 49320, which is the default port

  5. Right-click on the KEPServerEX icon on your desktop and from the menu select OPC UA Configuration.
    The OPC UA Configuration Manager is displayed.

  6. Go to the Server Endpoints tab, check the URL to ensure it shows your localhost and the 49320 port, and click Close.

  7. Go back to the New OPC Server Connection page, make sure you have the following default settings:
    Security Policy: Basic128Rsa15
    Message Security Mode: SignAndEncrypt

  8. Leave the Password fields empty and click Create New OPC Server Connection.
    The OPC Server Connections page shows the Status of Kepware to be Faulted and not connected. The reason for this is that Kepware is denying access to the Ignition OPC-UA Client.

  9. To make the Ignition OPC-UA Client a trusted client, go back to the KEPServerEX icon on your desktop and from the menu select OPC UA Configuration.

  10. On the OPC UA Configuration Manager window, go to the Trusted Clients tab, click on Ignition OPC-UA Client, click the Trust button, and click Close.
    Now the OPC Server Connections page shows the Status of Kepware to be Connected.

    Troubleshooting: If Status does not read Connected, click the edit link next to the server connection, scroll down to the bottom of the connection configuration page, and click Save. If Status is still reading something other than Connected, click the OPC Connection Status link at the bottom of the OPC Server Connections page and see if there are any useful messages to help troubleshoot the issue. Also ensure your firewall is not blocking traffic on the port that KEPServerEX is using to communicate.

  11. Go to the OPC Connections > Quick Client in the Configure section of the Gateway, under the Kepware > Channel1 > Device1 folder you will see the Tag folders.

Other UA Servers

While the above example is specific to KEPServerEX, the same concepts apply to connecting to any other third party OPC server that accepts OPC-UA client connections. The only difference may be in the way that the certificates are accepted on the server.

The Ignition OPC-UA server sends the client certificate to the third party OPC server when it tries to make the connection, however if the OPC server is not designed to expect these certificates then there may not be a straight forward way to accept them. In these cases you can manual download a client ticket from Ignition and supply it to the OPC server in the appropriate manner.

To download a client certificate manually

  1. Go to Configure section in the Gateway.

  2. Select OPC-UA > Certificate from the left side of the page.
    The Manage Certificate page is displayed.

  3. In the This Gateway tab, click the download link under Ignition OPC-UA Client, and save the certificate somewhere to disk.
    This certificate is then supplied to your third-party OPC server in a way specific to that server. For more information, check respective server's documentation.

Next ...

  • add link here